{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7066", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-12-21T19:40:53.933Z", "datePublished": "2024-08-12T21:46:38.910Z", "dateUpdated": "2024-08-14T14:02:45.201Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "JT2Go", "vendor": "Siemens", "versions": [{"lessThan": "V14.3.0.8", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [{"lessThan": "V14.1.0.14", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "V14.2.0.10", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "V14.3.0.8", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "V2312.0002", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "MoyunSec reported this vulnerability to Siemens."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess."}], "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-08-12T21:46:38.910Z"}, "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-722010.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-03"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\nSiemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:</p><ul><li>Teamcenter Visualization V14.1: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.1.0.14 or later version</a></li><li>Teamcenter Visualization V14.2: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.2.0.10 or later version</a></li><li>JT2Go: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/\">V14.3.0.8 or later version</a></li><li>Teamcenter Visualization V14.3: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.3.0.8 or later version</a></li><li>Teamcenter Visualization V2312: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V2312.0002 or later version</a></li></ul>\nFor more information see the associated Siemens security advisory SSA-722010\n\n\n\n<br>"}], "value": "Siemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.14 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization V14.2: Update to V14.2.0.10 or later version https://support.sw.siemens.com/ \n * JT2Go: Update to V14.3.0.8 or later version https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/ \n * Teamcenter Visualization V14.3: Update to V14.3.0.8 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization V2312: Update to V2312.0002 or later version https://support.sw.siemens.com/ \n\n\n\nFor more information see the associated Siemens security advisory SSA-722010"}], "source": {"advisory": "ICSA-24-193-03", "discovery": "EXTERNAL"}, "title": "Siemens Teamcenter Visualization and JT2Go Out-of-bounds Read", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>To reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.<br></p><ul>\n</ul>\n<p>As a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\">Siemens' operational guidelines for industrial security</a> and following recommendations in the product manuals.</p>\n<p>Additional information on industrial security by Siemens can be found on the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\">Siemens industrial security webpage</a></p>For more information see the associated Siemens security advisory SSA-722010\n\n<br>"}], "value": "To reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.\n\n\n\n\n\n\nAs a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security and following recommendations in the product manuals.\n\n\nAdditional information on industrial security by Siemens can be found on the Siemens industrial security webpage https://www.siemens.com/industrialsecurity \n\nFor more information see the associated Siemens security advisory SSA-722010"}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "siemens", "product": "jt2go", "cpes": ["cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "14.3.0.8", "versionType": "custom"}]}, {"vendor": "siemens", "product": "teamcenter_visualization", "cpes": ["cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "14.1.0.14", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "14.2.0.10", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "14.3.0.8", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "2312.0002", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-14T13:56:38.749766Z", "id": "CVE-2023-7066", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T14:02:45.201Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7066", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-14T13:56:38.749766Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "jt2go", "versions": [{"status": "affected", "version": "0", "lessThan": "14.3.0.8", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*"], "vendor": "siemens", "product": "teamcenter_visualization", "versions": [{"status": "affected", "version": "0", "lessThan": "14.1.0.14", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "14.2.0.10", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "14.3.0.8", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "2312.0002", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-14T14:02:31.105Z"}}], "cna": {"title": "Siemens Teamcenter Visualization and JT2Go Out-of-bounds Read", "source": {"advisory": "ICSA-24-193-03", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "MoyunSec reported this vulnerability to Siemens."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Siemens", "product": "JT2Go", "versions": [{"status": "affected", "version": "0", "lessThan": "V14.3.0.8", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Siemens", "product": "Teamcenter Visualization", "versions": [{"status": "affected", "version": "0", "lessThan": "V14.1.0.14", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "V14.2.0.10", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "V14.3.0.8", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "V2312.0002", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Siemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.14 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization V14.2: Update to V14.2.0.10 or later version https://support.sw.siemens.com/ \n * JT2Go: Update to V14.3.0.8 or later version https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/ \n * Teamcenter Visualization V14.3: Update to V14.3.0.8 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization V2312: Update to V2312.0002 or later version https://support.sw.siemens.com/ \n\n\n\nFor more information see the associated Siemens security advisory SSA-722010", "supportingMedia": [{"type": "text/html", "value": "<p>\nSiemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:</p><ul><li>Teamcenter Visualization V14.1: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.1.0.14 or later version</a></li><li>Teamcenter Visualization V14.2: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.2.0.10 or later version</a></li><li>JT2Go: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/\">V14.3.0.8 or later version</a></li><li>Teamcenter Visualization V14.3: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V14.3.0.8 or later version</a></li><li>Teamcenter Visualization V2312: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\">V2312.0002 or later version</a></li></ul>\nFor more information see the associated Siemens security advisory SSA-722010\n\n\n\n<br>", "base64": false}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-722010.html"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-03"}], "workarounds": [{"lang": "en", "value": "To reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.\n\n\n\n\n\n\nAs a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to Siemens' operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security and following recommendations in the product manuals.\n\n\nAdditional information on industrial security by Siemens can be found on the Siemens industrial security webpage https://www.siemens.com/industrialsecurity \n\nFor more information see the associated Siemens security advisory SSA-722010", "supportingMedia": [{"type": "text/html", "value": "<p>To reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.<br></p><ul>\n</ul>\n<p>As a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\">Siemens' operational guidelines for industrial security</a> and following recommendations in the product manuals.</p>\n<p>Additional information on industrial security by Siemens can be found on the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\">Siemens industrial security webpage</a></p>For more information see the associated Siemens security advisory SSA-722010\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess.", "supportingMedia": [{"type": "text/html", "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-08-12T21:46:38.910Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7066", "state": "PUBLISHED", "dateUpdated": "2024-08-14T14:02:45.201Z", "dateReserved": "2023-12-21T19:40:53.933Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-08-12T21:46:38.910Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess."}], "id": "CVE-2023-7066", "lastModified": "2024-08-13T12:58:25.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-08-12T22:15:08.770", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://cert-portal.siemens.com/productcert/html/ssa-722010.html"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}